NEWBIE help for subdomain not working

I did review that yesterday… jennifer.dellazanna.com is only one level away from dellazanna.com, so it is not too deep.

I can’t access the sub if I have the CNAME DNS record with an Orange Cloud.

Sandro said… in this thread "Does your server IP address end in 246?

If so, that was not stellar advice :wink: as there’s no proper certificate in the first place which could be working fine :

I assume you’ll also have a broken encryption mode selected on Cloudflare → Why you should choose Full Strict, and only Full Strict. Double check that as well."

So… they said the domain does not have a “proper certificate”; not sure how to determine that or correct it.

That might be the original certificate from GoDaddy. Best practice on certs is to include, literally, dellazanna.com and *.dellazanna.com. This is typically the default for Cloudflare’s Origin CA cert.

I don’t know why the top image didn’t include the www or jennifer subdomains.

If you paste the certificate text (not the key text…that’s supposed to be a secret), this tester should show you which hostnames it’s valid for. It should be the domain plus the wildcard subdomain.
https://www.sslshopper.com/certificate-decoder.html

Damn, I think you might be correct, but no idea how to fix it. I had a free SSL cert through the ZEN plug-in. This is what I got when I ran it through that site.

Certificate Information:
Common Name: dellazanna.com
Subject Alternative Names: *.dellazanna.com, dellazanna.com
Valid From: July 20, 2021
Valid To: October 18, 2021
Issuer: R3, Let’s Encrypt
Serial Number: 039569c1913b2e16c0d7c447fa6c0a5af8ea

I contacted Zen after GoDaddy said they had to delete the cert… and Zen said they do not save anything. (again I do not understand the process).

Is there a way to get rid of all certificates and start fresh…
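The hostname and date checks behind that decoder output, as an added example that is not part of the thread: the SAN list and validity dates are copied from the output above, the dates are assumed to mean midnight UTC, and the function names are hypothetical. It goes slightly beyond the thread by also showing that a wildcard entry covers exactly one label.

```python
from datetime import datetime, timezone

# Values as reported by the decoder output in the thread.
SANS = ["*.dellazanna.com", "dellazanna.com"]
NOT_BEFORE = datetime(2021, 7, 20, tzinfo=timezone.utc)  # assumed midnight UTC
NOT_AFTER = datetime(2021, 10, 18, tzinfo=timezone.utc)  # assumed midnight UTC


def san_matches(hostname, pattern):
    """Match one hostname against one SAN entry.

    A leading "*." wildcard stands for exactly one DNS label, so it covers
    jennifer.dellazanna.com but neither the bare domain nor a deeper name.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return host[0] != "" and host[1:] == pat[1:]
    return host == pat


def check(hostname, when, sans=SANS, not_before=NOT_BEFORE, not_after=NOT_AFTER):
    """Return (name_ok, date_ok) for a hostname at a given point in time."""
    name_ok = any(san_matches(hostname, p) for p in sans)
    date_ok = not_before <= when <= not_after
    return name_ok, date_ok


if __name__ == "__main__":
    # Constructed check date, later than the "Valid To" date shown above.
    when = datetime(2021, 11, 1, tzinfo=timezone.utc)
    for name in ("dellazanna.com", "www.dellazanna.com",
                 "jennifer.dellazanna.com", "a.jennifer.dellazanna.com"):
        name_ok, date_ok = check(name, when)
        print(f"{name:28} name_ok={name_ok} date_ok={date_ok}")
```

A certificate can list every hostname correctly and still be rejected once the validity window has passed, which is why both results are reported separately.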

That’s all up to the host. It’s their server. Cloudflare only provides an Origin cert in a pinch.

My certificate was still from the old Free SSL. GoDaddy could see the CloudFlare Certificate, but it was not associated with any domain. That is what he said.

GoDaddy walked me through deleting it and all SSL certificates and he manually deleted it from the server.

I would like to start over with CloudFlare… start from scratch, so I know I followed the steps in order. I made a Cert Signing Request. Any Red Flags I should be aware of deleting the domain and starting over?

I read “If DNSSEC is activated via Cloudflare, remove the DS record from the registrar configuration in the DNS app before removing your Cloudflare domain.” and I did that.

Turn off DNSSEC at your domain registrar, and change the name servers back to GoDaddy.

Then back to this:

Thanks to GoDaddy’s Tech Support my original SSL problem ended up being unrecoverable. Many Thanks for your help and patience.

Called GoDaddy for help with the persistent expired SSL cert from ZEN that I tried to delete several times. GoDaddy walked me through re-deleting the SSL CERT and when they checked they still found it on their server. Whatever they did after that— I lost my main domain completely and somehow they corrupted my subdomain. I tried to restore both with backups—still did not work. Figured it might be easiest to just delete everything and start over. They wanted me to pay for a Tech Support package–after they trashed it.

After seeing the video below, I understand how my questions must have frustrated you. I was done in 10 min. A key stumbling point for me was that I did not know that Origin Certificate is the same as Certificate CRT. Thanks for everyone’s help. Now setting up the sites this weekend.
